FreeBSD Security Advisory FreeBSD-SA-05:01.telnet

Simon L. Nielsen simon at
Mon Mar 28 13:40:16 PST 2005

On 2005.03.28 13:24:08 -0800, Will Yardley wrote:
> On Mon, Mar 28, 2005 at 07:52:14PM +0000, FreeBSD Security Advisories wrote:
> [ Not sure else where to follow up to - I don't want to bug the security
> team directly about this, so just writing the list for now ]

In general it's fine to bug the security team directly of stuff like
this, but we also do read freebsd-security@ :-).

> > b) Execute the following commands as root:
> > 
> > # cd /usr/src
> > # patch < /path/to/patch
> On my home machine (5.3-RELEASE) this failed - I had to go to 
> /usr/src/contrib/telnet/telnet for the patch to apply.

Indeed, looks like the FreeBSD 5 patch is an "old" version since that
should have been fixed.  I just CC'ed nectar so this can be fixed

> > c) Rebuild the operating system as described in
> > <URL:>.
> Just curious... why is it necessary to rebuild the whole operating
> system? Normally, the security advisories just have you rebuild the
> program in question - wouldn't that have sufficed here?

Due to multiple telnet versions (especially in FreeBSD 4) it was
judged that including more specific build instructions for all the
possible combinations of telnet and build options gave to high a risk
for errors possibly resulting in users not actually getting telnet
rebuild correctly.

Simon L. Nielsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-security mailing list